Global Configuration Mode Filtering
You can filter the contents of event logs at the Exec mode and Global Configuration mode levels.
Follow the example below to configure run time event logging parameters for the system:
configure
logging filter runtime facility facility level report_level
logging display { event-verbosity | pdu-data | pdu-verbosity }
end
Notes:
-
facility facility and level severity_level – Configure the logging filter that determines which system facilities should be logged and at what levels.
-
Repeat for every facility that you would like to log.
-
Optional: Configure event ID restrictions by adding the logging disable eventid command. The system provides the ability to restrict the sending of a specific event ID or a range of event IDs to minimize the amount of data logged to that which is most useful. Repeat to disable logging for additional event IDs or event ID ranges.
-
If an administrator restricts event logging for an Event ID or Event ID range using the above command (logging disable eventid ), the system will generate a Critical Event log "cli 30999 critical" as well as an SNMP trap "1361 (DisabledEventIDs)" with the specific Event IDs or Event ID range that was disabled.
These event logs and traps are enabled by default in this release, and cannot be disabled.
-
If an administrator lowers the logging level (using the logging filter runtime facility facility level report_level command below the default level of "error", the system will generate a Critical Event log "cli 30998 critical" as well as an SNMP trap "1362 (LogLevelChanged)" with the specific Event IDs or Event ID range that was disabled.
These event logs and traps are enabled by default in this release, and cannot be disabled.
show snmp trap statistics
SNMP Notification Statistics:
...
Trap Name #Gen #Disc Disable Last Generated
----------------------------------- ----- ----- ------- --------------------
…
DisabledEventIDs 1 0 0 2021:05:11:15:35:25
LogLevelChanged 2 0 0 2021:05:11:15:28:03
show snmp trap history
There are x historical trap records (5000 maximum)
Timestamp Trap Information
------------------------ -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
…
Thu May 11 15:28:03 2021 Internal trap notification 1362 (LogLevelChanged) Logging level of facility resmgr is changed to critical by user #initial-config# context local privilege level Security Administrator ttyname /dev/pts/0 address type IPV4 remote ip address 209.165.202.129
…
Thu May 11 15:35:25 2021 Internal trap notification 1361 (DisabledEventIDs) Event IDs from 100 to 1000 have been disabled by user adminuser context context privilege level security administrator ttyname tty address type IPV4 remote ip address 209.165.202.134
…
Mon May 15 10:14:56 2021 Internal trap notification 1362 (LogLevelChanged) Logging level of facility sitmain is changed to critical by user staradmin context local privilege level Security Administrator ttyname /dev/pts/1 address type IPV4 remote ip address 209.165.202.120